CVE-2024-20251

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (ISE) (affected versions not specified)

Description The issue exists due to the lack of protection of the web page structure in the Cisco Identity Services Engine (ISE) management interface. This could allow a remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is caused by the web-based management interface not properly validating user-supplied input, allowing an attacker to inject malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.